Описание
Jenkins Eiffel Broadcaster Plugin 2.8.0 through 2.10.2 (both inclusive) uses the credential ID as the cache key during signing operations, allowing attackers able to create a credential with the same ID as a legitimate one in a different credentials store to sign an event published to RabbitMQ with the legitimate credentials.
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 2.8.0 (включая) до 2.10.2 (включая)
cpe:2.3:a:jenkins:eiffel_broadcaster:*:*:*:*:*:jenkins:*:*
EPSS
Процентиль: 23%
0.00076
Низкий
4.3 Medium
CVSS3
Дефекты
CWE-863
Связанные уязвимости
CVSS3: 4.3
github
около 1 года назад
Cache confusion in Jenkins Eiffel Broadcaster Plugin
EPSS
Процентиль: 23%
0.00076
Низкий
4.3 Medium
CVSS3
Дефекты
CWE-863